On 14/03/07, me <mlists at e-beyond.de> wrote:
> Hello Graham,
>> Am Mittwoch 14 März 2007 06:54:30 schrieben Sie:
> > On 14/03/07, me <mlists at e-beyond.de> wrote:
> > If you have defined use of mod_python.publisher for the directory the
> > factory method is in, all those files in the 'Contents' subdirectory
> > will also be visible through mod_python.publisher. You should
> > therefore move your 'Contents' directory out of the web server
> > document tree to avoid them being called directly, or put a .htaccess
> > file in the 'Contents' directory which contains:
> >
> > Deny from all
> >
> > This will stop them being accessible by mod_python.publisher from a client.
>> I thought I've read in the documentation that when I create a directory with
> an leading underscore the directory is protected.
>http://www.modpython.org/live/current/doc-html/hand-pub-alg-trav.html> My directory structure looks like that:
>> DocumentRoot/_modules/Contents/__init__.py
> MainIndex.py
> /index.py
>> And the module directory is provided to the importer in the apache
> configuration:
>> PythonOption
> mod_python.importer.path "['/www/www.isi-muenchen.de/htdocs/_module']"
>> I think that should be okay... ??
Correct on the underscore, although a .htaccess file is still a good
idea because if someone stuffs up the main Apache configuration they
could inadvertently expose your source code still since the only thing
stopping it from being visible is mod_python.publisher at the moment.
As far as import_module(), that also should work with that importer
path, although using a non obvious aspect of import_module() which I
am not sure is actually documented as a feature and you probably
should not rely upon. That is that using relative path of './' will
resolve relative to directory the call is done from, but in your case
you have stumbled upon fact that implementation actually also tries to
find a module by appending a './' prefixed path to any of the
directories in the importer path. Thus why it finds './Contents' even
though it isn't in the directory the call is being made from but
elsewhere. You would be better off reserving './' for when you really
mean relative to the same directory. Instead use just:
module = apache.import_module('Contents/' + className)
This will have the same affect and that it isn't a relative path
implies better that a search is being done.
Other options is to be explicit:
module = apache.import _module('~/_modules/Contents/' + className + '.py')
BTW, the 'Contents/__init__.py' will not be getting imported unless
you explicitly do so. Ie., not treated like a package.
Also, please keep followups on the mailing list.
Graham